CLAIMS: 

1. A network device comprising:

at least one network port;

a masks table containing filter information and a mask key; 

a rules table having corresponding rules to said filter information and 
being related to said mask table by said mask key; 

a pointers table containing boundary data related to said rules for 
corresponding filter information; and 

a fast filter processor coupled to said mask table, said rules table and 
said pointers table, and configured to perform at least one binary search for at 
least one rule related to a data packet received by said network device at 
said at least one network port, said binary search being limited based on said 
boundary data in said pointers table. 

2. The network device of claim 1, wherein said filter information in
said rules table is sorted in order, said pointers table contains addresses of 
maximum and minimum rules in said rules table for each specific mask key 
value, and wherein said fast filter processor is configured to calculate 
parameters of said at least one binary search based upon said addresses of 
maximum and minimum rules in said rules table for each specific mask key 
value. 

3. The network device of claim 2, wherein said fast filter processor 
is configured to receive said packet and AND said packet with at least one of
said filter information related to a single mask key to generate a product, to 
calculate the parameters of said at least one binary search based upon said 
addresses of maximum and minimum rules in said rules table for said single 
mask key value, and to retrieve at least one rule from said rules table based 
on the results of said at least one binary search based on said product. 

4. The network device of claim 1, wherein said fast filter processor
comprises semiconductor-based processor components. 

5. The network device of claim 3, wherein said fast filter processor 
is configured to loop through every mask key for said filter information, to 
AND each of said filter information with said packet, to initiate a binary search 
for each product, and to store all results of each said binary search. 

6. The network device of claim 1, further comprising:

a CPU coupled to said fast filter processor, said rules table, said mask 
and said pointers table, and configured to store and maintain data in said 
rules table, said masks table and said pointers table, and to create said 
minimum and maximum address information in said pointers tables based on 
inserts and updates to said masks tables or said rules tables. 

7. The network device of claim 2, wherein said parameters include 
number of search steps, search start address and delta per step.

8. A fast filter processing circuit, comprising: 

a rules table having an input and output, and configured to store rules 
related to a network function; 

a masks table having an input and output, and configured to store 
masks related to said rules; 

a pointers table having an input and output; 

a signal generator coupled to said masks table and said pointers table, 
and configured to generate a next mask signal; 

a multiplier coupled to the output of said masks table and to a data 
packet input, said multiplier configured to multiply a mask output from said 
masks table and a data packet input from said data packet input and to output 
a product of said mask and said data packet; 

a comparator coupled to the output of said rules table and the output of 
said multiplier, and configured to compare said product with a rule output from 
said rules table and to generate a comparison signal; 

a multiplexer having a plurality of data inputs and a control input, said 
control input coupled to an output of said comparator, said multiplexer 
configured to output an address signal being one of said plurality of data 
inputs based on said comparison signal input to said control input; 

a feedback loop coupled to the output of said multiplexer and the input 
of said rules table, to a first input of said comparator, to a subtractor and to an 
adder;

wherein data in said pointers table defines a number of steps for a 
search and a starting address for said search, said subtractor subtracts a 
jump value from an input and outputs an address less than a current address 
by the jump value to a second input of said multiplexer, said adder adds said 
jump value to an input and outputs an address greater than a current address 
by the jump value to a third input of said multiplexer, and said circuit outputs 
said output of said rules table, such that a rule matching said data packet 
based on said mask is output of said circuit. 

9. The circuit of claim 8, wherein said multiplier comprises an AND
gate.

10. The circuit of claim 8, wherein said comparator is configured to
output a first comparison signal when said rule and said data packet input to 
said comparator match, and said multiplexer is configured to output a signal 
from a first input of said plurality of data inputs, said first input signal being a 
current address of said search. 

11. The circuit of claim 8, wherein said comparator is configured to
output a second comparison signal when the value said rule input to said 
comparator is less than the value of said data packet input to said comparator 
match, and said multiplexer is configured to output a signal from a second 
input of said plurality of data inputs, said second input signal being a next
address of said search. 

12. The circuit of claim 8, wherein said comparator is configured to 
output a third comparison signal when the value said rule input to said 
comparator is greater than the value of said data packet input to said 
comparator match, and said multiplexer is configured to output a signal from a 
third input of said plurality of data inputs, said third input signal being a next 
address of said search. 

13. The circuit of claim 9, wherein when said rule and said data 
packet match, said rule output of said circuit is held at a current rule for said 
current address for a remainder of search steps. 

14. A method of filtering a packet in a network device, said network
device having a data packet input port and configured to perform at least one 
network function, said method comprising the steps of: 

providing a masks table, a rules table and a pointers table; 

relating mask data in said masks table to rules data in said rules table 
with a key, one of said mask data corresponding to one or more of said rules 
data; 

defining pointer data in said pointers tables defining a maximum and 
minimum address of corresponding rule data for each of said mask data;

receiving a data packet at said data packet input port;

multiplying said data packet with one of said mask data to produce a 
product; 

searching said rules table based on said product and said maximum 
and minimum address data for said one of said mask data for a match 
between said product and rules data corresponding to said one of said mask 
data; and 

outputting said match to a function within said network device in order 
to perform said at least one network function. 

15. The method of claim 14, wherein said providing step includes a 
step of sorting data in said masks table, said rules table and said pointers 
table numerically, and said searching step includes searching said rules table 
with a binary search. 

16. The method of claim 14, further comprising a step of looping 
through each of said masks data and performing each step for each of said 
masks data in order to determine matches between said product for each of 
said masks data and said data packet with said corresponding rules data. 

17. The method of claim 14, wherein said search step includes a 
step of calculating parameters of said binary search based on said maximum 
and minimum address data.

18. The method of claim 18, wherein said calculating step includes
calculating a number of steps for said binary search, an initial address for said
binary search, and a delta for each of said number of steps. 

19. A network device comprising:

at least one network port;

a masks table means for containing filter information and a mask key; 

a rules table means for corresponding rules to said filter information 
and being related to said masks table by said mask key; 

a pointers table means for containing boundary data related to said 
rules for corresponding filter information; and 

a fast filter processor means for coupling to said mask table, to said 
rules table and to said pointers table, and for performing at least one binary 
search for at least one rule related to a data packet received by said network 
device at said at least one network port, said binary search being limited 
based on said boundary data in said pointers table. 

20. The network device of claim 19, wherein said filter information in
said rules table means is sorted in order, said pointers table means contains 
addresses of maximum and minimum rules in said rules table means for each 
specific mask key value, and wherein said fast filter processor means is for 
calculating parameters of said at least one binary search based upon said 
addresses of maximum and minimum rules in said rules table for each
specific mask key value. 

21. The network device of claim 20, wherein said fast filter 
processor means is for receiving said packet and AND said packet with at 
least one of said filter information related to a single mask key to generate a 
product, calculating the parameters of said at least one binary search based 
upon said addresses of maximum and minimum rules in said rules table 
means for said single mask key value, and retrieving at least one rule from 
said rules table based on the results of said at least one binary search based 
on said product. 

22. The network device of claim 19, wherein said fast filter 
processor means comprises semiconductor-based processor components. 

23. The network device of claim 21, wherein said fast filter 
processor means is configured to loop through every mask key for said filter 
information, to AND each of said filter information with said packet, to initiate 
a binary search for each product, and to store all results of each said binary 
search. 

24. The network device of claim 19, further comprising: 

a processor means coupled to said fast filter processor means, said 
rules table means, said masks table means and said pointers table means,
and configured to store and maintain data in said rules table means, said 
masks table means and said pointers table means, and to create said 
minimum and maximum address information in said pointers tables means 
based on inserts and updates to said masks tables means or said rules tables 
means. 

25. The network device of claim 20, wherein said parameters 
include number of search steps, search start address and delta per step. 

26. A fast filter processing circuit, comprising: 

a rules table means having an input and output, and for storing rules 
related to a network function; 

a masks table means having an input and output, and for storing 
masks related to said rules; 

a pointers table means having an input and output; 

a signal generator means coupled to said masks table means and said 
pointers table means, and for generating a next mask signal; 

a multiplier means coupled to the output of said masks table means 
and to a data packet input means, said multiplier means for multiplying a 
mask output from said masks table means and a data packet input from said 
data packet input means and outputting a product of said mask and said data 
packet;

a comparator means coupled to the output of said rules table means
and the output of said multiplier means, and for comparing said product with a 
rule output from said rules table means and generating a comparison signal; 

a multiplexer means having a plurality of data inputs and a control 
input, said control input coupled to an output of said comparator means, said 
multiplexer for outputting an address signal being one of said plurality of data 
inputs based on said comparison signal input to said control input; 

a feedback loop means coupled to the output of said multiplexer 
means and the input of said rules table means, to a first input of said 
comparator means, to a subtractor means and to an adder means; 

wherein data in said pointers table means defines a number of steps 
for a search and a starting address for said search, said subtractor means 
subtracts a jump value from an input and outputs an address less than a 
current address by the jump value to a second input of plurality of data inputs 
of said multiplexer means, said adder means adds said jump value to an input 
and outputs an address greater than a current address by the jump value to a 
third input of plurality of data inputs of said multiplexer, and said circuit 
outputs said output of said rules table means, such that a rule matching said 
data packet based on said mask is output of said circuit. 

27. The circuit of claim 26, wherein said multiplier means comprises 
an AND gate. 



28. The circuit of claim 26, wherein said comparator means is 
configured to output a first comparison signal when said rule and said data 
packet input to said comparator means match, and said multiplexer means is 
configured to output a signal from a first input of said plurality of data inputs, 
said first input signal being a current address of said search. 

29. The circuit of claim 26, wherein said comparator means is 
configured to output a second comparison signal when the value said rule 
input to said comparator means is less than the value of said data packet 
input to said comparator means match, and said multiplexer means is 
configured to output a signal from a second input of said plurality of data 
inputs, said second input signal being a next address of said search. 

30. The circuit of claim 26, wherein said comparator means is 
configured to output a third comparison signal when the value said rule input 
to said comparator means is greater than the value of said data packet input 
to said comparator means match, and said multiplexer means is configured to 
output a signal from a third input of said plurality of data inputs, said third 
input signal being a next address of said search. 

31. The circuit of claim 27, wherein when said rule and said data 
packet match, said rule output of said circuit is held at a current rule for said 
current address for a remainder of search steps. 
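
Added example, not part of the patent text: a C model of the lookup described in claims 2, 3, 5, 7 and 13, in which each mask's binary search is confined to the address range given by the pointers table and runs a fixed number of steps with a halving delta. The table layouts, the 32-bit packet field, the sample values and the treatment of addresses past the maximum as "greater than the product" are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NKEYS 2
typedef struct { uint32_t value; int action; } rule_t;  /* assumed rule layout */
typedef struct { int min_addr, max_addr; } bounds_t;    /* inclusive, per mask key */

/* Constructed sample tables: the array index of MASKS and PTRS is the mask key. */
static const uint32_t MASKS[NKEYS] = { 0xFF000000u, 0x0000FFFFu };
static const rule_t RULES[] = {
    {0x0A000000u, 1}, {0x7F000000u, 2}, {0xC0000000u, 3},   /* key 0, sorted */
    {0x00000016u, 10}, {0x00000050u, 11},
    {0x000001BBu, 12}, {0x00001F90u, 13},                   /* key 1, sorted */
};
static const bounds_t PTRS[NKEYS] = { {0, 2}, {3, 6} };

/* Returns the matching rule address for one mask key, or -1 if none matches. */
int search_key(int key, uint32_t field) {
    uint32_t product = field & MASKS[key];          /* the "multiplier" is an AND */
    int min = PTRS[key].min_addr, max = PTRS[key].max_addr;
    int n = max - min + 1, steps = 0;
    while (((1 << steps) - 1) < n) steps++;         /* parameter: number of steps */
    if (steps == 0) return -1;                      /* empty range for this key */
    int delta = 1 << (steps - 1);                   /* parameter: delta per step */
    int addr = min + delta - 1;                     /* parameter: start address */
    int hit = -1;
    for (int s = 0; s < steps; s++) {
        delta >>= 1;
        if (hit >= 0) continue;                     /* hold address after a match */
        if (addr <= max && RULES[addr].value == product) hit = addr;
        else if (addr <= max && RULES[addr].value < product) addr += delta;
        else addr -= delta;                         /* rule greater, or past max */
    }
    return hit;
}

/* Loops through every mask key and stores each result; returns the match count. */
int filter_packet(uint32_t field, int actions[NKEYS]) {
    int matches = 0;
    for (int k = 0; k < NKEYS; k++) {
        int a = search_key(k, field);
        actions[k] = (a >= 0) ? RULES[a].action : -1;
        matches += (a >= 0);
    }
    return matches;
}

int main(void) {
    int act[NKEYS];
    int m = filter_packet(0x0A0001BBu, act);
    printf("matches=%d actions=%d,%d\n", m, act[0], act[1]);
    return 0;
}
```

Because the start address and step count are derived from the per-key bounds, a search for one mask key never compares against rules that belong to another key, even though all rules share one table.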